Passwords: How to Choose Safe Ones

Is your favorite password secure? Could a hacker quickly crack it? For most of us, the answers to these questions are “no” and “yes, much faster than you think.”

The easiest, most effective, and most neglected security tool is a strong password. Some pointers:

Configure your computer so a password or fingerprint is required to use it. If you’re a Mac user, turn on and use FileVault, which uses your password to protect everything on the device.

Make passwords long. Secure passwords consist of at least 16 characters, but the longer, the better.

Avoid incorporating common phrases. Create long passwords, but avoid common phrases, such as “LukeIamYourFather2017!” One effective strategy is to pick a relatively obscure but easy-to-remember secret phrase or sentence and add numbers or punctuation. For example, if your secret phrase is “I love writing articles for Checkbook magazine,” you can add characters to create the password “&Ilovewritingarticlesfor1625Checkbookmagazine!”

Change them up. Choose a different password for your computer, your email, and each website login. If you use the same password everywhere, then a lot of databases will have your master password, and anyone who steals it from one site has access to your entire digital existence.

Consider password-management software. Since we sometimes forget the names of our children, we know it’s unrealistic to suggest you remember dozens of different nearly random passwords. Password managers can help by remembering them for you or, even better, creating completely random passwords and then saving them under your master key. Some password managers will even analyze your passwords and alert you if they are weak or used on multiple websites. Good options include Google Chrome’s built-in manager, LastPass, Dashlane, and 1Password. Macs come with Keychain, Apple’s password-management system, which you have to use to log on to its devices, but it’s wise to use a separate password manager for websites you use.

Enable multifactor authentication. Many websites now allow or require users to set up multifactor, or two-factor, authentication. This usually means that the website sends a text message with a temporary code you have to enter to complete registration, change a password, or log on from a new device.
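The length, common-phrase, and reuse checks from the pointers above, as an added example (not from the original article or from any password manager's code): a small Python audit run over a constructed set of logins. The phrase list, function names, and sample vault are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

MIN_LENGTH = 16  # the article's minimum length

# Constructed sample list; a real audit would load a far larger phrase list.
COMMON_PHRASES = ["lukeiamyourfather", "password", "letmein", "iloveyou", "qwerty"]


def normalize(password):
    """Lowercase and keep letters only, so added digits or punctuation don't hide a phrase."""
    return re.sub(r"[^a-z]", "", password.lower())


def _digest(password):
    """Fingerprint used to group identical passwords without comparing plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(vault):
    """Return {site: [findings]} for every login in the vault (site -> password)."""
    sites_by_digest = defaultdict(list)
    for site, password in vault.items():
        sites_by_digest[_digest(password)].append(site)

    report = {}
    for site, password in vault.items():
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append(f"shorter than {MIN_LENGTH} characters")
        if any(phrase in normalize(password) for phrase in COMMON_PHRASES):
            findings.append("contains a common phrase")
        shared = sorted(s for s in sites_by_digest[_digest(password)] if s != site)
        if shared:
            findings.append("reused on: " + ", ".join(shared))
        report[site] = findings
    return report


# Constructed sample vault; the two long passwords are the article's own examples.
SAMPLE_VAULT = {
    "email": "LukeIamYourFather2017!",
    "bank": "Tr0ub4dor&3",
    "forum": "Tr0ub4dor&3",
    "magazine": "&Ilovewritingarticlesfor1625Checkbookmagazine!",
}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_VAULT).items():
        print(site, "->", findings or "no findings")
```

The long movie-quote password passes the length check but is still flagged, which is why length alone is not enough.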

Complex passwords are just one step toward maximizing security, but they’ll do nothing if you carelessly let someone take control of your data—the hacker could simply record every action you take and every keystroke you input. Our article on how to maintain your computer and keep it secure details ways to minimize the risk of attacks.